Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

["Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>]

On Tue, 9 Jan 2007 23:10:43 +0100 (MET)
Martin Rex <martin.rex@xxxxxxx> wrote:

>
> I don't think that Online Banking (customer<->bank) is an area 
> that is in desperate need of (TLS) Evidence.   In many if not most
> scenarios that I know, the customer has to deal with / pay for
> the majority of fraud, making it an "externality" for the bank,
> which is why e.g. there are lots of el'cheapo ATM cards
> in use (at least here in Germany), i.e. simple magnetic strip cards
> that can be copied, and only its use protected by a 4-digit
> Number/PIN.
> 

That's very much dependent on local laws.  In the US, it's generally
the bank that pays, partially in response to competitive pressures.
And there are still plenty of ATM cards, with just a mag stripe and PIN.
(See p. 203 of Ross Anderson's "Security Engineering", which you can
download from http://www.cl.cam.ac.uk/~rja14/book.html -- that page is
in chapter 9.)

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls